Software, systems, and methods for processing digital bearer instruments

ABSTRACT

Methods and apparatus are described which enable flexible and secure processing of digital bearer instruments. An architecture is provided that enables provision of an extensible applications framework that flexibly supports a variety of features and functionality supporting title-based rights processing operations. A wide range of methods of defining and assuring rights processing operating environments extend the capabilities of rights processing operating environments in a variety of ways.

CROSS REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of and claims priority under 35 U.S.C. 120 to U.S. patent application Ser. No. 11/645,139 for Software, Systems, and Methods for Processing Digital Bearer Instruments filed on Dec. 22, 2006 (Attorney Docket No. ONCLP009), which claims priority under 35 U.S.C. 119(e) to U.S. Provisional Application No. 60/755,750 filed on Dec. 29, 2005 (Attorney Docket No. ONCLP009P), and U.S. Provisional Application No. 60/765,388 filed on Feb. 2, 2006 (Attorney Docket No. ONCLP009P2). The entire disclosure of each of the foregoing applications is incorporated herein by reference for all purposes. The present application also relates to subject matter described in the following applications, each of which is incorporated herein by reference in its entirety for all purposes: U.S. patent application Ser. No. 10/232,861 (Attorney Docket No. ONCLP004), U.S. patent application Ser. No. 10/414,817 (Attorney Docket No. ONCLP004X1), U.S. patent application Ser. No. 10/414,830 (Attorney Docket No. ONCLP004X2), U.S. patent application Ser. No. 10/439,629 (Attorney Docket No. ONCLP004X4), U.S. patent application Ser. No. 10/440,286 (Attorney Docket No. ONCLP004X3), U.S. patent application Ser. No. 11/096,284 (Attorney Docket No. ONCLP002X1), U.S. patent application Ser. No. 11/155,010 (Attorney Docket No. ONCLP004C1), U.S. Provisional Patent Application No. 60/865,983 (Attorney Docket No. ONCLP010P), U.S. Provisional Patent Application No. 60/746,032 (Attorney Docket No. ONCLP008P), and International Patent Application No. PCT/US2003/015614 corresponding to International Publication No. WO 03/098398 A2 (Attorney Docket No. ONCLP004WO).

COPYRIGHT NOTICE

A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to anyone reproducing the patent disclosure as it appears in the Patent and Trademark Office patent files or records. However, the copyright owner strictly reserves all other copyrights.

BACKGROUND

The present invention relates to systems, methods, and software for providing and processing digital bearer instruments, and, more particularly, digital titles containing at least one digital bearer right, and to associated methods of electronic commerce using such systems, methods, and software. Still more particularly, the present invention provides systems, methods, and software for providing and processing such digital bearer instruments and related electronic commerce securely. The present invention therefore has relevance to the fields of computer science, computer security, and electronic commerce.

SUMMARY

According to one class of embodiments of the present invention, methods and apparatus are provided according to which one or more computing platforms are configured to instantiate one or more operating environments for processing title objects. Each title object is a digital bearer instrument representing at least one right which may be redeemed by presentation of the title object to a title-enabled process. Each title object identifies at least one of the one or more operating environments. The one or more computing platforms are configured to instantiate each operating environment by selectively instantiating a plurality of operating environment components according to a corresponding predefined operating context which specifies the operating environment. The plurality of operating environment components are operable to facilitate redemption of the rights represented by the title objects identifying the corresponding operating environment.

According to another class of embodiments, methods and apparatus are provided according to which one or more computing platforms are configured to instantiate one or more verified operating environments for processing title objects. Each title object is a digital bearer instrument representing at least one right which may be redeemed by presentation of the title object to a title-enabled process. Each title object identifies at least one of the one or more verified operating environments. The one or more computing platforms are configured to instantiate each verified operating environment by instantiating a plurality of integrity-verified components. The integrity-verified components are configured to facilitate redemption of the rights represented by the title objects identifying the corresponding verified operating environment. The instantiated integrity-verified components cannot be undetectably altered.

According to a further class of embodiments, methods and apparatus are provided according to which one or more computing platforms are configured to instantiate one or more verified operating environments for processing title objects. Each title object is a digital bearer instrument representing at least one right which may be redeemed by presentation of the title object to a title-enabled process. Each title object identifies at least one of the one or more verified operating environments. The one or more computing platforms are configured to instantiate each verified operating environment by selectively instantiating a plurality of integrity-verified components according to a corresponding predefined operating context which specifies the verified operating environment. The plurality of integrity-verified components are configured to facilitate redemption of the rights represented by the title objects identifying the corresponding verified operating environment. The selectively instantiated integrity-verified components cannot be undetectably altered.

According to still another class of embodiments, methods and apparatus are provided for processing digital bearer instruments. At least one title expressing at least one right is provided. At least one operating context corresponding to said right is provided. The context is configured to provide an operating environment effective to process the at least one right. The operating context is selected from the group consisting of embedded, named, and referenced operating contexts. The operating environment is selected from the group consisting of assured, cryptographically assured, defined, assured and defined, and cryptographically assured and defined.

There are more specific embodiments within the various classes of embodiments which relate to a variety of features. For example, according to some specific embodiments, each of the title objects identifies the operating context corresponding to the operating environment identified by the title object. The one or more computing platforms are configured to instantiate the one or more operating environments with reference to the operating contexts identified by the title objects. According to some of these embodiments, a first one of the title objects includes an operating context identifier which points to the corresponding operating context stored externally to the first title object. According to others, a first one of the title objects includes at least a portion of the operating context identified by the first title object. Alternatively, the one or more computing platforms are configured to instantiate a single operating environment with reference to the corresponding operating context.

According to embodiments in which the operating environment components comprise a plurality of integrity-verified components which cannot be undetectably altered, the one or more computing platforms may be configured to instantiate the plurality of integrity-verified components using digital signatures and manifests.

The various classes of embodiments may be implemented on a variety of platforms. Such platforms may include, for example one or more of a handheld device, a personal computer, a server, a network appliance, a piece of networking equipment, a single computing platform, or a distributed computing platform.

According to specific embodiments, a first one of the title objects may identify a plurality of operating environments each of which corresponds to a different operating context. Each of the operating environments identified by the first title object correspond to a different right represented by the first title object. The one or more computing platforms are configured to instantiate each of the operating environments with reference to one of the operating contexts.

According to some embodiments, the one or more computing platforms are deployed in a network including a plurality of additional computing platforms. First ones of the additional computing platforms corresponding to additional operating environments configured to process the title objects, wherein the one or more computing platforms are configured to interoperate with the first additional computing platforms to facilitate redemption of the rights represented by the title objects. According to embodiments in which the one or more operating environments are verified, second ones of the additional computing platforms correspond to unverified operating environments intervening between the one or more computing platforms and at least some of the first additional computing platforms.

According to a specific embodiment, a first one of the operating environment components is configured to instantiate a user interface configured to facilitate interaction by a user with selected ones of the title objects associated with the user. The user interface includes a first presentation mode in which a tab corresponding to the user interface is presented at an edge of a display window, and a second presentation mode in which a user interface window connected to the tab is overlaid on the display window. The user interface window includes user interface objects configured to facilitate interaction by the user with the selected title objects. Selection of the tab results in the user interface window appearing to slide in to or out from the edge of the display window.

A further understanding of the nature and advantages of the present invention may be realized by reference to the remaining portions of the specification and the drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a simplified diagram of the architecture of a system for processing title objects according to a specific embodiment of the invention.

FIG. 2 is an illustration of an operating context implemented according to a specific embodiment of the invention.

FIGS. 3 a-3 d illustrate an example of a user interface which facilitates interaction with title objects according to a specific embodiment of the invention.

DESCRIPTION OF SPECIFIC EMBODIMENTS

Reference will now be made in detail to specific embodiments of the invention, including the best modes contemplated by the inventors for carrying out the invention, and examples of these specific embodiments are illustrated in the text and accompanying drawings. While the invention is described in conjunction with these specific embodiments, it will be understood that it is not intended to limit the invention to the described embodiments. On the contrary, it is intended to cover alternatives, modifications, and equivalents as may be included within the spirit and scope of the invention as defined by the appended claims. In the following description, specific details are set forth in order to provide a thorough understanding of the present invention. The present invention may be practiced without some or all of these specific details. In addition, well known features may not have been described in detail to avoid unnecessarily obscuring the invention.

Embodiments of the present invention relate to rights-based technologies such as those described in International Publication No. WO 03/098398 A2; U.S. Provisional Patent Application No. 60/865,983, and U.S. Provisional Patent Application No. 60/746,032 incorporated herein by reference above. Basic principles of rights-based objects and processes which may be implemented with various embodiments of the invention are described in these publication.

-   -   Benefits of definition and assurance, benefits to         user/rights-holder, the rights-providers.     -   Pull thru all of the existing platforms.     -   Defined, assured, and defined+assured regarding UI.

Rights Processing Architecture

According to various embodiments, the present invention provides an architecture that enables provision of an extensible applications framework that flexibly supports a variety of features and functionality supporting title-based rights processing operations. Specifically, the present invention provides additional methods of defining and assuring rights processing operating environments to extend the capabilities of rights processing operating environments in a variety of novel ways. Environments for processing titles and the rights expressed therein have been established using systems and methods as described in the above-referenced International and U.S. patent applications. These environments are statically defined rights operating environments that operate in controlled server environments; the environments are established by configuring an arrangement of rights processing systems, and then providing titles that are processed by these systems.

According to some embodiments, additional capabilities have been created for rights operating environments. These capabilities permit rights processing environments to be used outside of controlled server-based environments, including operating rights processing environments in which one or more portions are formally defined or in which configurations are formally assured against tampering, spoofing, and other Internet ills. Formally defining title processing environments permits a title processing environment to determine if it is able to properly process a redeemed right expressed by at least one title prior to starting the processing of that right. It also eases the burden of provisioning title processing environments by system administrators responsible for keeping these environments operating. The formal definition of an operating environment is sometimes called an operating context. Assurance of title processing environments are technical means by which the components and configurations which comprise a title processing environment may be determined to be free from tampering or changes from a known, defined standard. In many cases, assurance is provided using cryptographic means, such as digital signatures and hashes. Application of these cryptographic means for assurance of processing environments is well understood to those skilled in the art. Some title processing environments may be both defined and assured, meaning that they are formally defined and their components are assured to be free from tampering or unauthorized changes. Defined, assured, and defined+assured title processing environments significantly extend the capabilities of title processing environments by:

-   -   supporting the seamless deployment of distributed title         processing capabilities to untrusted host computing platforms,     -   by permitting efficient identification of whether a specific         title or right being presented for redemption is being processed         by an authentic title processing environment,     -   by permitting efficient determination by the title processing         environment as to whether the specific instance of a title         processing environment is able to process the presented title in         accordance with the specifications of the right, and     -   by providing instructions to the instance of a title processing         environments as to the components required in order to process         the title.

Furthermore, in accordance with specific embodiments of the present invention, the user interaction with a title processing environment may be specified and defined in order to assure content providers and merchant sellers of the user interaction provided during title processing.

In one embodiment, the present invention provides systems, methods, and software for processing digital bearer instruments in accordance with configurations specified in at least one operating context. The operating context(s) required may be provided within an existing operating environment, as part of a title for which a right is being redeemed, or as part of an external service to one or more operating environments. In one embodiment, the present invention provides a system that comprises at least one title expressing at least one right. The creation and use of such titles and rights in accordance with the invention can be provided by those having ordinary skill in the art using specific examples can be found in the above-referenced International and U.S. patent applications. In the embodiment described here, the system further comprises at least one operating context corresponding to the right(s) expressed by the title. The operating context is configured to describe and/or provide components of an operating environment that is effective to process the right(s). There may be a no operating context provided the title, or a single operating context can be provided by the title, or there may be specific operating contexts provided for each right, or a combination of these approaches may be utilized. Among the above-described embodiments, additional embodiments include those in which the title includes at least one right that is associated with the operating context. Alternative additional embodiments include those for which the title includes at least one operating context that is associated with at least one right. If a plurality of operating contexts are provided, the resolver component in the operating environment is responsible for determining the effective operating context to use in processing the redeemed right.

Furthermore, each operating context, whether expressed as part of an operating environment or by a title, may be provided in a plurality of ways. In a first embodiment, the operating context may be “embedded”, in which case, the operating context is present within the operating environment or title. In a second embodiment, an operating context may be “named” by the operating environment or title using a name or description suitable for the purpose. For example, a name might be a globally unique ID, a textual name, or a combination of a plurality of elements such as a textual name and a version number. A named operating context may be located and made available to the operating environment by use of a directory service, a name service, a database, or equivalent service in the operating environment such as a service router. Alternatively, an operating context may be referenced from an operating environment or a title using any supported referencing technology. Some well known technologies include an XPointer and a URI. If a plurality of operating contexts are expressed within a title, each operating context may be expressed using a similar or different means. The provisions of such operating contexts can be provided by those having ordinary skill in the art using this disclosure.

An operating context is a data structure that specifies one or more aspects of an operating environment. FIG. 2 illustrates an exemplary representation of an operating context. Each operating context may be represented in any common format used for representing information. One such exemplary representation is an XML data structure such as is commonly used by those skilled in the art. Other representations, such as ASN.1, database tables, tag-value pairs, etc. may also be used without loss of generality.

Each operating context (2000) comprises zero or more instances of its component elements, each of which may be named, referenced, or included by embedding within the operating context. These component elements include an optional name or ID (2005), additional operating contexts (2010), user interface component specifications (2020), operating environment components (2030), and processing workflow specifications (2040). Each element reference may be accompanied by security indicia that may be used to verify its integrity (2011, 2021, 2031, 2041). Optional security indicia (2050) may be included for the operating context itself to permit the verification of the operating context itself.

An optional name or unique identifier may be included within each operating context in order to make the operating context uniquely identified. A preferred identification mechanism is to use a globally unique identifier such as a Microsoft GUID or a UUID as specified by DCE. Alternatively, a textual name may also be used, either in conjunction with the unique ID, or on a stand-alone basis.

Zero or more additional operating context specification (2010) may be included within an operating context. In some embodiments, these additional operating context specifications are embedded within the first operating context. In other embodiments, the additional operating context specifications may be named by the first operating context instead of being embedded within it. Alternatively, the additional operating context specifications may be named by the first operating context using any of the common referencing schemes mentioned herein. If a plurality of additional operating context specifications are included within a first operating context, each may use the same or different method selected from embedding, naming, or referencing. Each additional operating context specification included within an operating context may be accompanied by security indicia (e.g. 2041) useful in determining its authenticity and integrity.

Zero or more user interface component specifications (2020) may be included within an operating context. In some embodiments, these user interface component specifications are embedded within the first operating context. In other embodiments, the user interface component specifications may be named by the first operating context instead of being embedded within it. Alternatively, the user interface component specifications may be named by the first operating context using any of the common referencing schemes mentioned herein. If a plurality of user interface component specifications is included within a first operating context, each may use the same or different method selected from embedding, naming, or referencing. Each user interface component specification included within an operating context may be accompanied by security indicia (e.g. 2021) useful in determining its authenticity and integrity.

Zero or more operating environment components (2030) may be included within an operating context. In some embodiments, these operating environment components are embedded within the first operating context. In other embodiments, the operating environment components may be named by the first operating context instead of being embedded within it. Alternatively, the operating environment components may be named by the first operating context using any of the common referencing schemes mentioned herein. If a plurality of operating environment components is included within a first operating context, each may use the same or different method selected from embedding, naming, or referencing. Each operating environment component included within an operating context may be accompanied by security indicia (e.g. 2031) useful in determining its authenticity and integrity.

Zero or more processing workflow specifications (2040) may be included within an operating context. In some embodiments, these processing workflow specifications are embedded within the first operating context. In other embodiments, the processing workflow specifications may be named by the first operating context instead of being embedded within it. Alternatively, the processing workflow specifications may be named by the first operating context using any of the common referencing schemes mentioned herein. If a plurality of processing workflow specifications is included within a first operating context, each may use the same or different method selected from embedding, naming, or referencing. Each processing workflow specification included within an operating context may be accompanied by security indicia (e.g. 2041) useful in determining its authenticity and integrity.

Optional security indicia (2050) may be included for the operating context itself to permit the verification of the authenticity and integrity of the operating context itself. Security indicia in an operating context may be any indicia that may be used to verify the integrity of the referenced component. Often, this is a checksum, digital hash, or digital signature.

An operating environment constructed in accordance with an operating context as described above is said to be “defined”. Operating environments may be check-summed or digitally signed using well known methods, and these security indicia may be checked when an operating environment is assembled. If the environment is assembled without the use of an operating context, but the security indicia associated with the operating components are checked to assure their integrity, the operating environment is said to be “assured”. In some embodiments, the security indicia of one or more operating contexts may be used to verify each component as the operating environment is provided to ensure that the operating environment provided has not been tampered with or otherwise corrupted. Operating environments that are defined using an operating context and are constructed using the security indicia of an operating context to verify their integrity are said to be “defined+assured”.

In more specific embodiments, any one of the operating contexts described above is combined with any one of the operating environments just described, i.e., one of each operating context (embedded, named, and referenced) is combined with one of each operating environment (assured, defined, and assured and defined) to provide an embodiment of the present invention for each of the 3×3=9 different combinations. In still more specific embodiments, the operating environment is both assured and defined by an operating context. Again, the provision of such operating environments can be accomplished by those having ordinary skill in the art using this disclosure.

Each operating environment may be statically configured, in which the configuration of the components is not changed using an operating context. This implementation model is straightforward and provides title processing within fixed operational constraints. Some business models require different configurations, and these configurations may be accommodated using a plurality of operating environments, each statically configured in a different manner. As is clear to the reader, this deployment model scales poorly. A second deployment option is to use operating environments that are dynamically configured using an operating context. In this model, the operating components are all instantiated, but are only referenced and used on an as needed basis. This model, while more flexible, also scales poorly across a plurality of devices and device types. Dynamic configuration often requires a priori knowledge of workloads and system performance dynamics that are often not precomputable. Similarly, dynamic configuration mechanisms introduce issues of component distribution and whether all needed components are available at the time they are needed. A third alternative, the dynamic loading and unloading of components based upon an operating context is also provided. In this alternative model, operating environment components need not be instantiated until they are actually needed by a specific operating environment. Each operating environment may be constructed using components which are not running prior to the creation of the operating environment, which are instantiated as they are needed, and are unloaded as soon as they are used. When coupled with the ability of an operating context to embed one or more components, this provides for a portable, assured, and defined system for the processing of titles. This technology thus permits the digital bearer nature of titles to be fully expressed to the point that they can be processed immediately by a bearer. Again, the provision of such operating environments can be accomplished by those having ordinary skill in the art using this disclosure.

Still other embodiments include those of each of the above-described embodiments in which the operating environment is further configured to review said operating context upon presentation of a title. In more specific embodiments, the operating environment is configured with a resolver or controller component capable of determining whether the operating environment can process said at least one right expressed by the title. In still more specific embodiments, the operating environment is configured to determine whether one or more additional objects require configuration or instantiation to enable the operating environment to process said at least one right. In yet more specific embodiments, the operating environment is further configured to configure or instantiate one or more additional objects required to enable said operating environment to process said at least one right. As described below, this component is called a Controller. In some embodiments, the functions of Controller and Resolver are combined into a single component.

According to specific embodiments, the present invention provides methods for processing digital bearer instruments and computer-readable program code devices that are configured to implement such methods (i.e., software). The context is configured to provide an operating environment effective to process at least one right, and is further selected from the group consisting of: embedded, named, and referenced operating contexts; and said operating environment being selected from the group consisting of: assured, defined, and assured+defined operating environments.

Active User interface

Yet other embodiments of the above-described systems, methods, and software provided by the invention further comprise a user interface that is configured to allow a user to interact with the above-described operating environment. In some embodiments, the user interface further includes a slide-out window. In more specific embodiments, the above-described operating context is used to specify or control aspects of the configuration of the user interface. In other more specific embodiments, the user interface is configured to provide a presentation that is substantially coordinated with at least an aspect of said title.

In some embodiments of the invention, the user interface design and implementation is structured and has a well-defined set of interface specifications. In some embodiments, the user interface implements an operating context model that can securely and dynamically load operating environment components on an as-needed basis. In more specific embodiments, a collection comprising an operating context and one or more components is called a Operating context. A Operating context defines the user interface requirements and standards, provides a standard set of controls, and describes a variety of specified components for processing one or more aspects of a title. Examples of specified components implement features of the User interface, including, for example, the Wallet, My Stuff, and Shopping Cart functions described below. A

Operating context implemented model improves load-time performance for users, and increases the security and flexibility of the User interface. Furthermore, a User interface can coordinate the use of external services and integrate the use of external services within defined user interface requirements and standards. Such User interfaces can be provided using methods known to those having skill in the art.

As shown in FIG. 1, in one embodiment, the User interface architecture includes at least one User interface, one or more operating contexts, optional application plug-ins, associated application interface logic, an optional communications manager, and optional external services. In more specific embodiments, the User interface architecture may be deployed using servers, desktop and portable (laptop) computers, mobile devices (including, but not limited to, cell phones, PDAs, and music players), and embedded devices such as set top boxes, DVRs, and home entertainment controllers such as Microsoft's Media Center. Portions of the User interface architecture may be deployed on different systems in differing ways as determined by the implementation requirements. Such User interfaces can be provided using methods known to those having skill in the art.

In other embodiments, the User interface architecture provides for the use of services and components that effect the provision of title expressed right processing operations across the architecture. More specifically, the User interface architecture extends title expressed right processing operations to an arbitrary user interface presented upon a user interface device of a user's choice.

In some deployments, the User interface architecture may be deployed as one or more application programs that operate within an extant processing environment such as Windows XP or Java Runtime Environment. In some cases, portions of the User interface architecture may be embedded within other third party applications present in these environments, or portions of the User interface architecture may directly embedded within said extant operating system and may be used, in part, to fulfill title expressed right processing requests to the operating system. In other embodiments, portions of the User interface architecture may serve as the underlying operating system when implemented upon specific devices. Such User interfaces can be provided using methods known to those having skill in the art.

As described above, the User interface architecture comprises at least one User interface. In most embodiments, the User interface architecture includes a user interface operating on the currently in-use device (the device the user is currently using). Alternate embodiments are envisioned where the User interface operates upon a device other than the currently in-use device and communicates the user interface components to the currently in-use device using a protocol such as RDP or HTTP. Such User interfaces can be provided using methods known to those having skill in the art.

In one embodiment, the User interface is a desktop application. In such an embodiment, the Active User interface may be implemented using a development platform such as Macromedia's Flash MX 7, although it may be developed using any commercially available application development platform, including alternative versions of Macromedia's Flash such as Flash Lite, or alternative development platforms such as J2ME and BREW. Other platforms, such as FLEX, may also be employed. Alternative versions of the User interface may also be developed for specific deployments. These versions of the User interface architecture may be developed using platform specific development tools such as Windows .NET, commercially available from Microsoft. Such User interfaces can be provided using methods known to those having skill in the art.

A user interface may be invoked in several ways. In a first embodiment, the User interface is invoked by the user when they select a user interface-enabled indicator on a web site or as part of an advertising banner. In other exemplary embodiments, the User interface may be invoked when the user selects an application link that identifies an instance of a user interface to be run. Alternatively, the User interface may be directly called by an external applications program or web site, or may be started based upon recognition of specific received content. Examples of the latter may include starting the User interface on the basis of a file type association, MIME type, or upon receipt and recognition of a title, upon receipt an out-of-band communications media such as e-mail or instant messaging containing a title. Another example is distribution of content on a network such as P2P in a format that can be recognized and invoked by client applications such as P2P applications. These files are distributed in a format recognized by the application. When opened, the application displays the contents, at least in part using User interface. Alternatively, the User interface may be invoked at device startup and may be always running. In implementations where User interface functionality is embedded in other applications or operating system components, the User interface and its components may be directly called by the applications (such as a media player licensing interface) or by operating system components within which the User interface is embedded. For example, a user interface may be invoked by the Microsoft Media Player license acquisition page. Alternatively, the User interface may be involved by a file browser such as Windows Explorer. Such User interfaces can be provided using methods known to those having skill in the art.

In some embodiments, the user interface provides a title expressed right processing environment. As user herein, a title expressed right processing environment is a substantially complete operating context for the processing of operating contexts, components, and services that are combined by the User interface to produce a customizable title expressed right processing environment. The User interface combines user interface, service, and workflow specifications with implementation components in the form of services, components, and user interface elements to produce a seamless, repeatable, and secure user experience. In some embodiments, a user interface cannot provide a complete title expressed right processing environment, and so is limited to providing a subset of a complete title expressed right processing environment required for processing. This subset of a complete title expressed right processing environment is called an operating context.

The Active User interface provides flexibility in the title expressed right processing environment it provides. The Active User interface may cause the demand-load and unload of portions of the title expressed right processing environment on an as-needed basis. Similarly, the Active User interface or a title expressed right processing environment may distribute its workload as needed. In some instances, portions of the title expressed right processing environment and of other architectures that the Active User interface relies upon, may be distributed to alternate systems or devices. Similarly, service requests may be mediated by the User interface, and directed to a local instance of a service provider, may be passed to a remote service instance, or a combination of both approaches may be performed. For example, the operating environment may rely on an internal identity management component, may distribute the identity management component to another system, or may use a combination of both methods. Such User interfaces can be provided using methods known to those having skill in the art.

In order to ensure the proper functioning of the Active User interface, the operating environment may perform validation and verification of demand-loaded and/or distributed components. Demand-loaded components are also referred to herein as plug-ins. In some cases, these validation and verification may be performed by the User interface itself using well-known cryptographic means such as crypto-hashes such as those generated by MDS, a checksum or CRC, or by using methods such as self-validating packaging such as Microsoft's CAB or Java's signed JAR files. In alternate embodiments, the User interface components may be validated using SAML assertion(s) in accordance with SAML specifications. Such User interfaces can be provided using methods known to those having skill in the art.

In other embodiments, the validation and verification functions may be performed by underlying operating system functions. For example, the validation and verification of signed applications is provided by the underlying task loader in the Windows XP and Windows CE operating systems, and in the Java runtime environment. The User interface may be configured to rely on these services when executing upon these operating systems that provide this functionality.

According to some embodiments, the User interface is also cryptographically protected against tampering, and is validated and verified using techniques and processes similar to those described above prior to use.

In some embodiments, the user interface provides aspects of service management, marshalling, and service directory capabilities to the title expressed right processing environment. These aspects may include any of provision of aspects directory services (and service description), service management, identity management, title processor, display panes, and communications/session management. In other embodiments, the User interface provides service orchestration capabilities. In still other embodiments, one or more of these aspects are provided by the User interface itself, are provided by a component to the User interface, are provided by underlying operating system components, or are provided by remotely hosted services.

In some embodiments, the User interface implements a component called a Controller. In other embodiments, the functions of a Controller may be implemented as a separate service, either as a loadable component, or as an external service. A Controller is part of the title expressed right processing environment that manages the components of a title expressed right operating environment, and provides the interface and “glue” logic between at least one User interface and other services. A controller interacts with other services, such as those described below, to provide the user and service interactions to implement the specified interface and service calls necessary for the specified execution within a title expressed right processing environment or operating context.

In more specific embodiments, the Controller is used to control flows, views, validation, and similar interface functions. In some embodiments, the controller component is used to transform data flows from one format to another so they may be used within an existing specification. Part of the Controller specification may define views, languages, and protocols for communicating with other service components about the user interface. The view specification defines, in part, the layout, styles, user interface components, and the like to be used when displaying the output from a title expressed right processing environment, operating context, or external service. For example, when an output of one service is received, the controller may transform or change the format of the output to better fit within the display pane in which it is mapped. Part of the definition may include a “form” definition, that optionally specifies how the elements of the “form” may be validated by the User interface. In this case, the User interface may perform direct validation of entry fields using the form specification rather than rely on the Controller or other services for validation. This capability provides improved response times to the user and offline operation capabilities. The Controller specifies how the form and the elements can be validated, for example, using a regular expression (e.g. regex) or indication of a remote service to be used (such as phone number validation, location validation, etc.). This can be accomplished using methods known to those having skill in the art.

In other embodiments, a Controller component specifies, collects from the user or other location in the system, or manages the authentication and authorization information to be used when accessing specific services or components within a title expressed right processing environment or operating context. This can be accomplished using methods known to those having skill in the art.

In other embodiments, the User interface provides, or causes to be provided, a service called a Resolver. In other embodiments, the functions of a Resolver may be implemented as a separate service, either as a loadable component, or as an external service. A Resolver verifies aspects of a title, including aspects of operating contexts and of title structures. If there are conflicts or ambiguities in the specifications within an operating context or title structure, the Resolver is responsible for resolving the conflicts or ambiguities in a manner that permits the processing of the title to continue. In some embodiments, the functions of the Resolver and the Controller are combined in a single service or component.

In still other embodiments, the Active User interface provides, or causes to be provided to a title expressed right processing environment or operating context, directory services which identify the location, services, and required calling parameters for one or more services. In some cases, the Active User interface provides this directory of services, in others it redirects requests for directory service to a service that in turn provides these services. Alternatively, the Active User interface may determine which of multiple available directory service options should be used to fulfill a request. Such Active User interface functions can be provided using methods known to those having skill in the art.

In more specific embodiments, the Active User interface provides, or causes to be provided to a title expressed right processing environment, a service manager which manages components and external services. The service manager may be implemented as part of the Active User interface itself, or may be implemented as a plug-in, or as an external service within a title expressed right processing environment. A service manager supports, in conjunction with other components of a title expressed right processing environment, the demand loading and unloading of components, including any verification and validation requirements. In some embodiments, the service manager functionality is contained within other title expressed right processing environment components. Optionally, a service manager coordinates with an underlying operating system component to ensure these functions are performed as required to enable a title expressed right processing environment.

In some cases, the Active User interface provides, or causes to be provided as part of a title expressed right processing environment an identity management service. The identity management service may be implemented as part of the User interface itself, or may be implemented as a plug-in, or as an external service. An identity management service provides methods for validating components of the User interface architecture to ensure that they have not been tampered with and that their use is authorized within a specific instance of a title expressed right processing environment. Such User interfaces can be provided using methods known to those having skill in the art.

In some embodiments, the Active User interface additionally provides services that support the processing of titles. The title processor may be implemented as part of the Active User interface itself, may be implemented as a plug-in, or as one or more external services, or as part of an externally defined title expressed right processing environment. A title processor supports the use of titles as authorization or authentication mechanisms that may be used to control aspects of a title expressed right processing environment.

In still other embodiments, the Active User interface manages at least one display pane that is used by the Active User interface component, a title expressed right processing environment, its associated components, and external services to display service options to a user and to collect and process input from the user. A display pane is a unique portion of a display, including a window or portion of a window, used as part of an input-output operation supporting the interaction between a user and a component of a title expressed right processing environment. A screen of a display, a popup window, a slide-out or drawer display portion, and an application-defined form are all examples of a display pane. A display pane may be uniquely associated with a specific application, component, or service or it may be shared between one or more applications, components, or services. In one example implementation, the Active User interface may implement a display pane that provides an XForms compliant display. In other example implementations, other display technologies such as SMIL or XAML may be implemented as panes. Alternatively, the Active User interface may provide display panes that respond to a plurality of display technologies, and may provide a plurality of display panes that respond to one or more disparate display technologies. Such Active User interfaces can be provided using methods known to those having skill in the art.

In other embodiments, the communications/session management component of the Active User interface manages the communications between the Active User interface components and components of a title expressed right processing environment. This component is sometimes called a connection manager. Different connection managers may be provided to support different protocols, for example, a user interface may simultaneously support a connection manager that supports the SOAP protocol, one that supports an RPC over HTTP protocol, and yet another that supports SHTTP. The connection manager is preferably implemented as discrete components, but may be implemented as a single component in some implementations. The communications management component optionally includes the capability to orchestrate the completion of one or more services on behalf of the Active User interface.

The Active User interface may optionally comprise additional program logic to permit the direct integration of the Active User interface with one or more third-party applications or operating systems. This integration logic provides an interface between application and operating system calls and the Active User interface services, components, and other components of the Active User interface architecture. Such Active User interface functions can be provided using methods known to those having skill in the art.

In some embodiments, configuration information and other specifications are provided using structured definitions, such as those provided when using an XML structure. It should be noted that XML structures are described herein for exemplary purposes. However, it is understood that other representations of the information are possible, and in some cases, desirable or advantageous based upon implementation dependent characteristics of each specific method of use.

Operating Contexts and the Active User Interface

The set of resources required and/or desired to provide an aspect of a specific title expressed right processing environment, including but not limited to services, directories, components, applications, display panes, and user interface is called an operating context of the User interface architecture. A operating context is an alternate embodiment of a subset of the elements named by an operating context and describes at least one aspect of an operating context, and names, describes, references, or includes services, directories, applications, components, and user interface components required to provide the desired operating context and user interface.

The operating context that the Active User interface should use for a specific title expressed right processing environment or operating context may be defined by the Active User interface configuration, by embedded operating context, by the location from which the Active User interface is invoked, or by a title requesting User interface services.

One or more operating contexts may be simultaneously referenced by and/or used by an Active User Interface. A user interface that references a operating context may locate and load a operating context in a variety of ways. First, it may have a well-known storage location from which it loads a operating context. For example, a user interface may load a operating context from a local disk or memory store, an external disk or memory store, including an external repository site, or the User interface may look up the location of a operating context using a directory service, and then obtain a operating context either from the directory service, or from a third party source by using information provided by the directory service. Operating contexts that are loaded from locations external to a user interface where they may be subject to tampering may be optionally verified and validated using techniques similar to those described above for verifying and validating User interface title expressed right processing environment components.

In some embodiments, a plurality of operating contexts may be loaded and simultaneously operate within a

Active User interface, each used to define a disparate title expressed right processing environment. In other embodiments, the User interface operates on a single operating context at a time. A single operating context may be used to define a specific operating context, or a plurality of operating contexts may be combined to define an operating context. The User interface optionally may have a default operating context associated with it. If such a default operating context is specified, the User interface uses the specified default operating context in the absence of other operating context specifications.

A operating context may be specifically associated with a collection of services that comprise at least part of a title expressed right processing environment. A specific operating context may be associated with a specific service, Digital Commerce Engine (DCE), or DCE component. The association between a specific service or services and a specific operating context may be made on the basis of a configuration specification, a service specification, specified by the service, or based upon the information returned from an external service. One example of such an external service that may provide information describing a required operating context is an identity provider. The Active User interface, and attendant operating context specifications, defines the binding between backend services, UI and customer-facing application components, and binds these services and components with a specific look-and-feel. This binding facilitates a unified and homogonous user experience.

UI Specifications

A operating context specification of the view portion of a UI specification comprises one or more optional properties. Each optional property describes an attribute of the operating context, such as an identifier, a version, a unique name, a rights specification, a localization specification, and a unique location reference such as a URL. Some or all of these properties may be present in a specific instance of a operating context. A operating context may also reference one or more additional operating contexts in order to specify additional portions of a title expressed right processing environment. Alternatively, the operating context may specify one or more name aliases. In some embodiments, a operating context may specify a property that provides for the cryptographic authentication of the operating context itself. Such a property may comprise a cryptographic hash or digest, such as those produced by well known algorithms such as MD5, or may embody a SAML artifact, or a reference to a service that can provide the authentication materials.

Each operating context optionally comprises specification of, reference to a view specification, or reference to a hierarchical definition that taken together, comprise the specification for one or more views. Each view specification optionally specifies at least one style sheet to use, at least one skins definition, an optional task map, including the optional specification of at least one component to be loaded, and optionally defines permitted process flows.

Views, Skins and Style Sheets

In some embodiments, the views, skins, and style sheets collectively define the look and feel of the user interface component presented by the Active User interface on behalf of services operating in the context of a title expressed right operating environment. A view defines layout parameters, form objects, and presentation panes. Skins define the presentation attributes and defines common style and presentation elements, and style sheets define the appearance of the items presented (e.g. font, button shapes, colors). Collectively, views, skins, and style sheets define the following UI attributes:

A style sheet may define some or all of the following properties:

-   -   a. Fonts     -   b. Messages     -   c. Dialogs     -   d. Labels     -   e. Colors     -   f. Branding Elements     -   g. General flows     -   h. Real estate use     -   i. Windows     -   j. Menus     -   k. Forms     -   l. Layout     -   m. Help

Views, skins, style sheets may be layered and combined, providing a mechanism such that a base style sheet may define common fonts, colors, and real estate use, and subsequent style sheets may define menus, forms, help, and other service-specific features.

Each view is named with an optional property. This property can be a unique identifier such as a globally unique ID (GUID) as known to those skilled in the art, or it can be a unique URI that uniquely defines the view.

An example view specification is shown below:

- <!-- Login View XML --> - <Form class=“ViewXMLParser”> - <Screen title=“[ls]Title.label”> <Div id=“c1” compClass=“Label” style=“Label:titleBar” text=“[ls]Title.label” /> <Div id=“Space1” compClass=“SpaceBar” height=“7” color=“0xFFFFFF” _alpha=“0” /> <Div id=“c4” compClass=“Label” text=“[ls]Username.label” /> <Div id=“c5” compClass=“Input” mapOut=“Username” mapIn=“Username” /> <Div id=“c7” compClass=“Label” text=“[ls]Password.label” /> <Div id=“c8” compClass=“Input” mapOut=“Password” password=“true” <Div id=“Space2” compClass=“SpaceBar” height=“7” color=“0xFFFFFF” _alpha=“0” /> <Div id=“cC” compClass=“Line” style=“Line:dashed” /> <Div id=“Space3” compClass=“SpaceBar” height=“7” color=“0xFFFFFF” _alpha=“0” /> <Div id=“cD” compClass=“Link” action=“RecoverPassword” label=“[ls]Links.lost” /> <Div id=“regLink” compClass=“Link” action=“register” label=“[ls]Links.register” /> - <Div id=“cH” compClass=“BaseBar” style=“BaseBar”> <Param id=“b1” type=“BaseBar_Button” label=“[ls]login.label” action=“submit?login” style=“BaseBarDefault” /> <Param id=“b2” type=“BaseBar_Button” label=“[ls]cancel.label” action=“cancel” /> </Div> </Screen> </Form>

In some embodiments, skins and style sheets are used to define the look and feel of the Active User interface. Each skin and style sheet is named with an optional property. This property can be a unique identifier such as a globally unique ID (GUID) as known to those skilled in the art, or it can be a unique URI that uniquely defines the skin or style sheet. For example, the “skin” features of the user interface can be used to create a specific look-and-feel as well as support variations in process flow for a variety of user interfaces and external services. This can include both portrait and landscape versions, as well as control over the colors and components that are supported. In one embodiment, the “skin” may be in part defined using an XML structure, although alternative definition approaches may be used where appropriate. An example skin definition is shown below:

<Skin class=“GenericXMLParser”> - <!--  NOTE: all elements of type=“path” are used as variables within the operating context  --> - <!-- Path implies the directory where the was served from --> - <!-- Proto is used by buildscripts, please DO NOT REMOVE -->  <Param id=“Root” type=“path” value=“[Proto]://builder.navio.com/tts/av/” />  <Param id=“DCEPath” type=“path” value=“[Proto]://builder.navio.com/tts/” />  <Param id=“DAXPath” type=“path” value=“http://daxweb.org/ns/1.0/” />  <Param id=“DAXIcon” type=“path” value=“[DAXPath]taxonomy/Product Type/” />  <Param id=“TaskPath” type=“path” value=“[Root]tasks/” />  <Param id=“Locals” type=“path” value=“[Root]tasks/” />  <Param id=“default_language” value=“US” />  <Param id=“application_long_name” value=“User interface” />  <Param id=“servlet_map” value=“[Path]ServletMap.xml” /> - <!-- Loads a map of all services used by the operating contexts connection manager -->  <Param id=“Version” value=“VALUE” /> - <!-- Builds the initial UI layer for the operating context -->  <Clip target=“/ui” /> - <!-- Creates a hidden layer inside the operating context for loading component classes/classes -->  <Clip target=“/classes” _visible=“false” /> - <!-- Loads utility classes into the operating context -->  <Clip target=“/classes/plugins/utils” src=“[Root]plugins/utils/utils.swf” /> - <!-- Plugins into the operating context -->  <Clip target=“/classes/plugins/js” src=“[Root]plugins/js/Connector.swf” />  <Clip target=“/classes/plugins/master_event” src=“[Root]plugins/master_event/MasterEvent.swf” />  <Clip target=“/classes/plugins/dce” src=“[Root]plugins/dce/DCE.swf” />  <Clip target=“/classes/plugins/parsers” src=“[Root]plugins/parsers/parsers.swf” />  <Clip target=“/classes/plugins/localization” src=“[Root]plugins/localization/Localization.swf” />  <Clip target=“/classes/plugins/fonts” src=“[Root]fonts.swf” />  <Clip target=“/classes/plugins/icons” src=“[Root]plugins/img/icons.swf” />  <Clip target=“/classes/plugins/parsers” src=“[Root]plugins/parsers/parsers.swf” />  <Clip target=“/classes/plugins/packager” src=“[Root]plugins/packager/packager.swf” />  <Clip target=“/classes/plugins/img” src=“[Root]plugins/img/icons.swf” />  <Clip target=“/classes/plugins/user_manager” src=“[Root]plugins/user_manager/UserManager.swf” />  <Clip target=“/classes/plugins/cart” src=“[Root]plugins/cart/Cart.swf” />  <Clip target=“/classes/tasks/” src=“[Path]plugins/tasks/tasks.swf” />  <Clip target=“/classes/plugins/tooltip” src=“[Root]plugins/tooltip/tooltip.swf” />  </Skin>

Alternatively, a set of skins may be used by the User interface to define the overall look and feel of the application, including any application specific components. In the example skin definition shown below, the skin defines an alternate UI component called the drawer. The drawer “pulls” out to provide an additional display pane for displaying specific information.

<Skin class=“GenericXMLParser”> <Param id=“location0” value=“23” /> <Param id=“location1” value=“343” /> <Param id=“location2” value=“610” /> - <!-- THIS IS THE CUSTOM SKIN THAT IMPLEMENTS THE NIO OVERALL LOOK-AND-FEEL OPERATING CONTEXT INCLUDING THE DRAWER --> <Clip target=“/ui/drawer/” src=“[Skin]drawer.swf” /> <Clip target=“/ui/drawer/main/R1” class=“com.navio.tasks.RootManager” defaultApp=“Home” x=“10” y=“32” width=“247” height=“340” style=“R1” /> <Clip target=“/ui/drawer/d/R2” class=“com.navio.tasks.RootManager” defaultApp=“Login2” x=“84” y=“32” width=“247” height=“340” style=“R1” /> - <!-- <Clip target=“/ui/drawer/e/R3“ class=“com.navio.tasks.RootManager” defaultApp=‘MyStuff’ x=“600” y=“420” width=“350” height=“450” /> --> </Skin>

A style sheet may be a CSS style sheet, or may be an alterative structure that serves the same purpose. Style sheet usage and construction is understood by those skilled in the art.

Task Map

In some embodiments, a task map is used within an operational context to provide a map between specific distributed workflow operations and specific services or application components (either plug-in or built-in). For example, a task map may identify the shopping cart application component to be used in a specific implementation, and may further identify the application components, layouts, and styles to be used when working with this component.

A task map comprises one or the following elements:

-   -   Property/attributes     -   Identification     -   View identification     -   Package identification     -   Task name     -   View specification.     -   Optional localization/internationalization specification,     -   Application specifications     -   Application component specifications     -   Task definitions     -   Default package path     -   Error handling

A task map identifier may comprise a unique ID or name, consistent with other unique ID and name descriptions within the Active User interface architecture.

A task map may comprise one or more task specifications. Each task specification may include optional specifications for task names, view specifications, package specifications, skin specifications, style sheet specifications, and locale specifications. A task name provides a descriptive name for the task, such as “Accountless checkout.” A task may be associated with a specific title expressed right action, a group of title expressed right actions, or an entire operating context.

A view specification provides a specification for the look and feel for the task. Preferably, the view specification is provided in the form of an XML specification as described above. The view specification may be identified with a view identification. A view identification may comprise a unique ID or name, consistent with other unique ID and name descriptions within the User interface architecture.

A package identification may comprise a unique ID or name, consistent with other unique ID and name descriptions within the User interface architecture.

An optional localization/internationalization specification specifies the localization parameters to be used for this task. This specification may be expressly specified, or may reference a style sheet specification. In embodiments where the localization/internationalization specification is provided, there are several mechanisms available. In one embodiment, the application may follow ISO conventions for specifying various sets of localization parameters. For example, the language code may use the ISO default for “US English”.

An application component specification names or describes a user interface component (either built-in, plug-in, or external service) that provides application services for this task. User interface component references may take the forms described herein, or may take other forms appropriate to the implementation system or platform. In various embodiments, the application component specification may be a DLL or COM object, a Java class, an application operating context such as a JAR, a CORBA object ID, a service identifier or specification, or other implementation dependant method of identifying the specific application component desired. Optionally, the application component specification may specify the calling and response interface for the application component. In some embodiments, the application component specification comprises a reference to an external service enabled for the processing of title-based rights.

The task class specifications may define alternate application components or methods of specific application components that should be associated with specific distributed workflow components. For example, the task class specification may define a specific “Thank You” screen for the “Accountless checkout” task. It defines a specific application component, view, and other presentation information with a specific “Thank You Screen” as a distributed workflow event within the task manager. Upon receipt of the “Thank You Screen” distributed workflow event, the User interface causes the application component to be executed within the specified operating context.

A title (or other application component may, indirectly through its view) may specify a operating context it requires in order to provide a title expressed right processing environment. If the User interface, operating on behalf of the title is unable to locate and successfully load a specified operating context, component, or remote service, the error handler UI is invoked in accordance with the current error handler UI specification. The error handler used is the error handler associated with the current operating context, or if an error handler is not specified for the current operating context, the error handler of a parent task map or operating context, or the error handle for the default operating context is used (if defined).

In one example embodiment, a user has rights to both child and adult content. If the user is operating within a branded (for adult content) title expressed right processing environment, the operating context specification for a piece of child content may require a change in context to a different operating context (either within the same title expressed right processing environment, in a different title expressed right processing environment, or in an operating context) before permitting the user interaction to continue.

An example task map is provided below:

<Taskmap> <AddAddress view=“” package=“[TaskPath]shared.swf” /> <AddCreditCard view=“” package=“[TaskPath]shared.swf” /> <Address view=“[TaskPath]Shared/Address.xml” package=“[TaskPath]shared.swf” locals=“[TaskPath]Shared/Address” /> - <!-- Checkout --> <Cart package=“[TaskPath]Cart/cart.swf” view=“[TaskPath]Cart/Cart.xml” />  <CreditCard view=“[TaskPath]Cart/CreditCard/CreditCard.xml” package=“[TaskPath]Cart/cart.swf” /> <CreditCard_Confirm view=“[TaskPath]Cart/CreditCard/CreditCard_Confirm.xml” thankyou_actless=“[TaskPath]Cart/CreditCard/CreditCard_ThankYou_actless .xml” thankyou_actless_mobile=“[TaskPath]Cart/CreditCard/CreditCard_ThankYou_(—) actless_mobile.xml” thankyou=“[TaskPath]Cart/CreditCard/CreditCard_ThankYou.xml” thankyou_mobile=“[TaskPath]Cart/CreditCard/CreditCard_ThankYou_mobile.x ml” confirm=“[TaskPath]Cart/CreditCard/CreditCard_Confirm.xml” actless=“[TaskPath]Cart/CreditCard/CreditCard_Confirm_actless.xml” package=“[TaskPath]Cart/Cart.swf” /> <AddCreditCardAddress actless=“[TaskPath]Cart/CreditCard/AddCreditCardAddress_actless.xml” view=“[TaskPath]Cart/CreditCard/AddCreditCardAddress.xml” package=“[TaskPath]Cart/cart.swf” /> <Cash view=“[TaskPath]Cart/Cash.xml” package=“[TaskPath]Cart/cart.swf” /> <Pin view=“[TaskPath]Cart/Pin.xml” package=“[TaskPath]Cart/cart.swf” /> <ActiveVoucher package=“[TaskPath]Cart/cart.swf” view=“[TaskPath]Cart/ActiveVoucher.xml” cart=“[TaskPath]Cart/ActiveVoucher_cart.xml” /> <Activation package=“[TaskPath]Session/Session.swf” view=“[TaskPath]Session/Activate.xml” locals=“[TaskPath]Session/Activate” /> - <!-- Cart Confirm/Thankyou --> <CheckOut view=“[TaskPath]Cart/Checkout.xml” package=“[TaskPath]Cart/Cart.swf” />  <Survey view=“[TaskPath]Cart/Survey.xml” package=“[TaskPath]Cart/Cart.swf” /> - <!-- CarrierBilling Confirm/Thankyou --> - <!-- <CarrierBilling view=“[TaskPath]Cart/CarrierBilling/CarrierBilling.xml” actless=“[TaskPath]Cart/CarrierBilling/CarrierBilling_actless.xml” package=“[TaskPath]Cart/cart.swf”/> --> <CarrierBilling_Confirm view=“[TaskPath]Cart/CarrierBilling/CarrierBilling_Confirm.xml” confirm=“[TaskPath]Cart/CarrierBilling/CarrierBilling_Confirm.xml” gsmNumber=“[TaskPath]Cart/CarrierBilling/CarrierBilling_gsmNumber.xml” thankyou_actless=“[TaskPath]Cart/CarrierBilling/CarrierBilling_ThankYou _actless.xml” thankyou=“[TaskPath]Cart/CarrierBilling/CarrierBilling_ThankYou.xml” package=“[TaskPath]Cart/Cart.swf” actless=“[TaskPath]Cart/CarrierBilling/CarrierBilling_Confirm_actless.x ml” sprint_actless=“[TaskPath]Cart/CarrierBilling/CarrierBilling_Confirm_ac tless_sprint.xml” sprint=“[TaskPath]Cart/CarrierBilling/CarrierBilling_Confirm_sprint.xml ” /> - <!-- Mobile Input --> <Input_Mobile package=“[TaskPath]Cart/Cart.swf” /> <GsmNumber view=“[TaskPath]Cart/CarrierBilling/CarrierBilling_gsmNumber.xml” package=“[TaskPath]Cart/Cart.swf” /> <PhoneSelector package=“[TaskPath]Cart/cart.swf” view=“[TaskPath]Cart/PhoneSelector.xml” /> - <!-- Cash Flow --> <AddCash view=“[TaskPath]Cart/Cash/AddCash.xml” actless=“[TaskPath]Cart/Cash/AddCash_actless.xml” package=“[TaskPath]Cart/cart.swf” /> <CashCC view=“[TaskPath]Cart/Cash/CashCC.xml” package=“[TaskPath]Cart/cart.swf” /> <CashCCAddress view=“[TaskPath]Cart/Cash/CashCCAddress.xml” package=“[TaskPath]Cart/cart.swf” /> <Cash_Confirm view=“[TaskPath]Cart/Cash/Cash_Confirm.xml” confirm=“[TaskPath]Cart/Cash/Cash_Confirm.xml” actless=“[TaskPath]Cart/Cash/Cash_Confirm_actless.xml” thankyou_actless=“[TaskPath]Cart/Cash/Cash_ThankYou_actless.xml” thankyou_actless_mobile=“[TaskPath]Cart/Cash/Cash_ThankYou_actless_mobi le.xml” thankyou=“[TaskPath]Cart/Cash/Cash_ThankYou.xml” mobile_thankyou=“[TaskPath]Cart/Cash/Cash_ThankYou_mobile.xml” package=“[TaskPath]Cart/Cart.swf” /> - <!-- /Checkout --> <Contacts package=“[TaskPath]roots.swf” /> <EditAddress view=“” package=“[TaskPath]shared.swf” /> <Get AddressInfo view=“[TaskPath]Shared/AddCreditCard/AddCCInfo.xml” package=“[TaskPath]package.swf” /> <GetCCInfo view=“[TaskPath]Shared/AddCreditCard/AddCCInfo.xml” package=“[TaskPath]package.swf” /> <GetViewData view=“[TaskPath]Session/Login.xml” package=“[TaskPath]Shared/Shared.swf” /> <Home view=“[TaskPath]Home/Home.xml” guest=“[TaskPath]Home/Guest.xml” guest_details=“[TaskPath]Home/Guest_Details.xml” user=“[TaskPath]Home/User_Details.xml” package=“[TaskPath]Home/Home.swf” /> <Help view=“[TaskPath]Help/Help.xml” package=“[TaskPath]Help/Help.swf” src=“[TaskPath]Help/HelpData.xml” /> <Inbox package=“[TaskPath]roots.swf” /> <Logout view=“[TaskPath]Session/Logout.xml” package=“[TaskPath]Session/Logout.swf” locals=“[TaskPath]Session/Session” /> <Message error=“[TaskPath]Message/Error.xml” message=“[TaskPath]Message/Message.xml” prompt=“[TaskPath]Message/prompt.xml” package=“[TaskPath]Message/Message.swf” /> <MyStuff view=“[TaskPath]/MyStuff/MyStuff.xml” package=“[TaskPath]roots.swf” /> <Phone view=“[TaskPath]Shared/Phone.xml” package=“[TaskPath]shared.swf” locals=“[TaskPath]Shared/Phone” /> <Profile view=“[TaskPath]Profile/Profile.xml” package=“[TaskPath]Profile/Profile.swf” iden=“[TaskPath]Profile/p_iden.xml” addy=“[TaskPath]Profile/p_addy.xml” comm=“[TaskPath]Profile/p_comm.xml” devi=“[TaskPath]Profile/p_devi.xml” secu=“[TaskPath]Profile/p_secu.xml” phon=“[TaskPath]Profile/p_phon.xml” /> <QuickFlow package=“[TaskPath]QuickFlow/QuickFlow.swf” /> <RecoverPassword secretQuestion=“[TaskPath]Session/SecretQuestion.xml” secretAnswer=“[TaskPath]Session/SecretAnswer.xml” thankYou=“[TaskPath]Session/SecretThankYou.xml” package=“[TaskPath]Session/RecoverPassword.swf” /> <ResetPassword view=“[TaskPath]Session/ResetPassword.xml” thankYou=“[TaskPath]Session/ResetThankYou.xml” package=“[TaskPath]Session/ResetPassword.swf” /> <Session login=“[TaskPath]Session/Login.xml” register=“[TaskPath]Session/Register1.xml” register2=“[TaskPath]Session/Register2.xml” register4=“[TaskPath]Session/Register2.xml” register3=“[TaskPath]Session/Register3.xml” activate=“[TaskPath]Session/Activate.xml” package=“[TaskPath]Session/Session.swf” locals=“[TaskPath]Session/Session” /> <Wallet view=“[TaskPath]Wallet/Wallet.xml” package=“[TaskPath]Wallet/wallet.swf” /> - <!-- /Wallet --> <AccountDetail view=“[TaskPath]Wallet/AccountDetail.xml” package=“[TaskPath]Wallet/wallet.swf” locals=“[TaskPath]Wallet/AccountDetail” />  <WalletCreditCardAddress view=“[TaskPath]Wallet/WalletCreditCardAddress.xml” package=“[TaskPath]Wallet/wallet.swf” locals=“[TaskPath]Wallet/AccountDetail” /> <WalletCreditCard view=“[TaskPath]Wallet/CreditCard.xml” package=“[TaskPath]Wallet/wallet.swf” locals=“[TaskPath]Wallet/CreditCard” /> <WalletDelete_Confirm view=“[TaskPath]Wallet/Delete_Confirm.xml” package=“[TaskPath]Wallet/wallet.swf” locals=“[TaskPath]Wallet/Delete_Confirm” /> <WalletCash view=“[TaskPath]Wallet/Cash.xml” package=“[TaskPath]Wallet/wallet.swf” locals=“[TaskPath]Wallet/Cash” /> <WalletAddCash view=“[TaskPath]Wallet/AddCash.xml” package=“[TaskPath]Wallet/wallet.swf” locals=“[TaskPath]Wallet/AddCash” /> <VoucherDetails package=“[TaskPath]Cart/cart.swf” view=“[TaskPath]Cart/VoucherDetails.xml” /> <USAddress view=“[Root]components/assets/USAddress.xml” /> </Taskmap>

Class Map

In some embodiments, the above-described UI components and UI elements are described by a class map. Display panes and other display components may be represented by UI specific methods, and optionally, components. In some embodiments, UI elements such as the “slide in/slide out drawer” element, trust indicators, and/or specific display elements may have special handlers that are called when the user accesses their UI. These methods and components are mapped to their specific display elements by the class map. In this way, a class map may be used to extend the user interface component(s) specified by an operational context. An example class map is provided below:

<Classmap> - <!-- THIS FILE SPECIFIES THE COMPONENTS THAT ARE TO BE LOADED BY THE OPERATING CONTEXT --> - <!-- CELLRENDERERS ARE TEMPLATES USED BY THE COMPONENTS FOR LAYOUT, DISPLAY AND RENDERING WITHIN THE OPERATING CONTEXT --> - <!-- List CellRenderers --> <Class id=“renderers.AddressDetail” package=“[Path]components/cellrenderers/cellrenderers.swf” /> <Class id=“renderers.BlankRenderer” package=“[Path]components/cellrenderers/cellrenderers.swf” /> <Class id=“renderers.CartItemRenderer” package=“[Path]components/cellrenderers/cellrenderers.swf” /> <Class id=“renderers.ClickItemRenderer” package=“[Path]components/cellrenderers/cellrenderers.swf” /> <Class id=“renderers.CurrencyRenderer” package=“[Path]components/cellrenderers/cellrenderers.swf” /> <Class id=“renderers.DropDownButton” package=“[Path]components/cellrenderers/cellrenderers.swf” /> <Class id=“renderers.EmptyItemRenderer” package=“[Path]components/cellrenderers/cellrenderers.swf” /> <Class id=“renderers.LBI” package=“[Path]components/cellrenderers/cellrenderers.swf” /> <Class id=“renderers.MyStuffRenderer” package=“[Path]components/cellrenderers/cellrenderers.swf” /> <Class id=“renderers.TemplateRenderer” package=“[Path]components/cellrenderers/cellrenderers.swf” /> <Class id=“renderers.WalletRenderer” package=“[Path]components/cellrenderers/cellrenderers.swf” /> - <!-- UI Components --> <Class id=“components.AdapterComponent” package=“[Path]components/Components.swf” /> <Class id=“components.Address” package=“[Path]components/Components.swf” /> <Class id=“components.AddressDetail” package=“[Path]components/Components.swf” /> <Class id=“components.Background” package=“[Path]components/Components.swf” /> <Class id=“components.BaseBar” package=“[Path]components/Components.swf” /> <Class id=“components.Checkbox” package=“[Path]components/Components.swf” /> <Class id=“components.CreditCardForm” package=“[Path]components/Components.swf” /> <Class id=“components.DropDown” package=“[Path]components/Components.swf” /> <Class id=“components.Hidden” package=“[Path]components/Components.swf” /> <Class id=“components.Input” package=“[Path]components/Components.swf” /> <Class id=“components.Label” package=“[Path]components/Components.swf” /> <Class id=“components.Line” package=“[Path]components/Components.swf” /> <Class id=“components.Link” package=“[Path]components/Components.swf” /> <Class id=“components.List2” package=“[Path]components/Components.swf” /> <Class id=“components.ListItem” package=“[Path]components/Components.swf” /> <Class id=“components.Radio” package=“[Path]components/Components.swf” /> <Class id=“components.SearchBar” package=“[Path]components/Components.swf” /> <Class id=“components.Space” package=“[Path]components/Components.swf” /> <Class id=“components.SpaceBar” package=“[Path]components/Components.swf” /> <Class id=“components.TabBar” package=“[Path]components/Components.swf” /> <Class id=“components.TabBar” package=“[Path]components/Components.swf” /> <Class id=“components.TitleBar” package=“[Path]components/Components.swf” /> <Class id=“components.Image” package=“[Path]components/Components.swf” /> </Classmap>

Components—Plug-Ins, Built-Ins, and External Components

As described above, the User interface and operating environments supports the capability to dynamically reference, locate, and instantiate application components.

In some embodiments, an operating context specification causes the User interface to load or cause to be loaded the identified required components, including application components, built-in components, and external services, and fonts, skins, and related user interface components. An operating context specification may also define distributed workflow parameters, and associate specific components with portions of the workflow. The User interface implements the desired security model and session handling, including session isolation in order to provide privacy and trust shield features. Component specifications may be defined within the operating context specification, or alternatively, the operating context specification may specify one or more task maps that perform the specification of one or more desired components.

In more specific embodiments, an initial set of application components are available for the Active User interface. These comprise a operating context loader, a service resolver, a communication manager, and an application component loader.

In other embodiments, an operating context loader component instantiates a title expressed right processing environment or operating context on the basis of a operating context specification, as outlined herein.

In still other embodiments, a service resolver component uses service lookup techniques, including external service directories such as those provided by well known mechanisms such as UDDI and LDAP, service registries, and service lookup mechanisms provided by distributed component systems such as COM/DCOM and CORBA.

In yet other embodiments, a communication manager component implements communications between the User interface and one or more services. In some embodiments, the communication manager provides SOAP formatting, transmission, and retransmission services between the User interface and one or more services. The services may be provided on the same device as the communication manager, or may be provided on a different device.

In one embodiment, the communications manager component maintains connectivity and state for connections. An instance of a communications manager may communicate with more than one service. Specifically, a communications manager may simultaneously manage the communication with multiple DCEs, or different versions of services hosted on different servers.

Communications manager components may also utilize directory services by calling a service resolver component to resolve service locations and specifications.

According to some embodiments, an application component loader provides application component loading services, including downloading services to retrieve remotely stored application components, validation and verification services that ensure a component has not been tampered with and is authorized to execute, and optional task management services to control the execution of application components.

In some embodiments, a local instance of an identity management component is also provided. It is useful to have a local identity management component as part of the User interface for deployments where the User interface is not able to maintain regular communication with an external identity verification and authentication service. The identity management component that may be embedded within a user interface (or provided as another component) is used to validate components and operating context specifications. In one example embodiment, such an identity management component would cache and validate SAML assertions related to the validity of well defined components and specifications. The SAML assertions would be pre-stored in the cache for use when the User interface is not able to make an online connection to an identity verification source. The local instance of the identity management component may also be used to validate an initial or default operating context specification during User interface startup.

Components may use configuration information for defining their functionality, views, settings, and control. The configuration information may be defined locally, as part of a title expressed right processing environment, as part of an operating context, or defined as part of a network service. For example, a Wallet plug-in and components as described below may use configuration settings defined at the web site daxweb.org for looking up specifications for Credit Cards and Cash. These specifications indicate friendly names, locations for terms of use, icons, supported transactions, and controls for purchase. Examples of these configuration parameters are shown below:

<!DOCTYPE xsl:stylesheet (View Source for full doctype...)> <CashCurrencyList> <CashCurrency cashValue=“1.00” type=“http://daxweb.org/ns/1.0/currency/cash/Navio/USD” symbol=“$” ISO=“USD” friendlyName=“ Cash US$” touText=“Navio Cash US$ Terms of Use” touLink=“http://www.navio.com” purchaseAllowed=“Credit” allowPin=“0” /> <CashCurrency cashValue=“0.10” type=“ttp://daxweb.org/ns/1.0/currency/cash/Navio/credits” friendlyName=“Navio Credits” touText=“Navio Credits Terms of Use” touLink=“http://www.navio.com” purchaseAllowed=“” allowPin=“0” /> <CashCurrency cashValue=“1.00” type=“http://daxweb.org/ns/1.0/currency/cash/Fox/credits” symbol=“$” ISO=“USD” friendlyName=“Fox Dollars” touText=“Fox Dollars Terms of Use” touLink=“http://foxsports- content.navio.com/storefront/termsofuse.xhtml” purchaseAllowed=“Credit” allowPin=“0” /> <CashCurrency cashValue=“0.00” type=“http://daxweb.org/ns/1.0/currency/cash/Fox/points” friendlyName=“Fox Points” touText=“Fox Rewards Page” touLink=http://foxsports-content.navio.com/storefront/termsofuse.xhtml baseContentLink=“http://foxmusic.navio.com/” purchaseAllowed=“” allowPin=“0” /> </CashCurrencyList>

An initial set of components are available for the Active User interface:

a. Wallet b. Mobile wallet c. My Stuff (interface to Title Manager) d. Mobile “My Stuff” e. Contacts f. Settings g. Inbox h. Shopping Cart. (cross DCE) i. Cache j. Title trade/transfer

A wallet component provides an interface to an external wallet service. This service may be present on a server, including a DCE server, or may be present as a device wallet present on a mobile device such as a mobile wallet built into a cell phone. Optionally, the wallet component may reference a wallet application present on a smart card.

A mobile wallet component provides an interface to a cache-backed wallet component. A mobile wallet component interacts with multiple wallet components to provide the wallet contents local to the device, and provides optional caching of wallet contents so the wallet contents are available without the underlying wallet service being immediately accessible to the device. The mobile wallet service coordinates with a cache service to ensure that the wallet materials are securely cached on the device, and with at least one connection manager to maintain synchronization between the cache and a remote wallet service's contents. In some cases, the mobile wallet component may encumber or otherwise obligate funds that have been moved to the cache on a mobile device. Wallet services supported by the mobile wallet component are described by the configuration information for the mobile wallet component.

Additional types of wallet components may be supported in a title expressed right processing environment. Additionally, wallet components may comprise at least one component. For example, wallet component may comprise a first component for handling digital cash, a second component for credit cards, a third component for interacting with ATM systems, and a fourth component for Carrier Billing. Additional components m ay be specified and loaded as required to provide the desired functionality. Each component can be dynamically loaded by the User interface within a specified rights management processing environment or operating context as required. The components can implement specific functionality required for the transaction, skin, flow, or other aspect of the system. For example, a digital cash component can allow the user to top-up an account. A second digital cash component can allow a user to top-up and send cash, or even cash-out. A Credit Card component can support various credit cards, types of credit cards, branding, issuer specifications, viewing, editing, updating and use. For example, a first Credit Card component can support Verified by Visa, while a second credit card component supports Visa viewing and use using CVV2 entry checks.

A “My Stuff” application component provides an interface to one or more title managers. In some cases, these title managers are present within differing DCE environments and may require different rights management processing environments or operating contexts. My Stuff components and associated components can be loaded within a specified rights management processing environment or operating context as required in a manner similar to a wallet components and other components described above. For example, a first My Stuff component can simply allow viewing of content purchased, including viewing and invoking of rights, while a second My Stuff component can support components that support playing and viewing of content such as a music and video player. This second type of My Stuff plugin can invoke other components within a title expressed rights processing environment or operating context in order to satisfy the specified end user interface play/view experience.

A mobile “My Stuff” component provides an interface to a cache-backed title manager interface component. A mobile “My Stuff” component may interact with one or more title manager interface components to provide a mobile device a local copy of contents provided by various title manager interface components. It provides optional caching of title manager interface contents so the title manager contents are available without the underlying title manager interface service(s) being immediately accessible to the device. The mobile “My Stuff” service coordinates with a cache service to ensure that the title manager materials are securely cached on the device, and with at least one connection manager to maintain synchronization between the cache and a remote title manager service's contents.

A contacts component provides a user interface user access to their personal profile information. A Contacts component also allows a user interface user access to their contacts that are stored as part of an external service, such as the Home, or within a cached version of their contacts. The User interface can allow a user to maintain a list of contacts and invoke rights on the contacts to make contact, update, edit, etc. The user can receive contact information in the User interface from another user using a “send contact” and “receive contact” right. This is similar to sending and receiving a business card. The contact information may be received in the “inbox” and accepted by the user where it is then stored and managed using the Contacts component. In one example, the contact information may be stored as Titles. In an alternate embodiment, the contact information may be stored as title expressed right content, and the Contacts component provides access to the title expressed right content using one or more Titles.

In addition, a contacts component may be configured to use local cache services. A contacts component may also be configured to use a mobile service, such as a mobile title manager, to store local copies of titles.

Contact information can also be created manually by the user, or even imported by the User interface from another contact management application such as Outlook or through SynchML.

A settings component provides a user interface user access to configure User interface and device settings related to User interface operation. For example, a user interface may provide a user the ability to specify a default operating context, or default operating context settings to use, when the User interface is started. Alternatively, a settings component may provide a mechanism for configuring settings related to one or more User interfaces. For example, a settings component may provide a mechanism for a user to configure a communications manager component.

A shopping cart component provides a user interface user the ability to maintain a shopping cart. In one embodiment, the shopping cart is device specific and may span more than one DCE or site. In an alternative embodiment, the shopping cart is associated with a specific DCE or site. Different shopping cart components may be constructed, including shopping carts that provide account-based and account-free checkouts. Account-free checkout is described below.

The User interface can store information locally and allow the user to review information as well as prepare transactions or complete their end of a transaction. An example implementation of the User interface utilizes a Flash uber-cookie as a temporary storage location. This technique allows the User interface to prepare an accountless checkout where the items are stored in a local shopping cart, user entered information is then entered, and the transaction is completed when a connection is made. The User interface may notify the user that the transaction is pending the establishment of a connection, and may optionally further notify the user after the transaction is completed. The caching can allow the User interface to recover from a disconnect and allow the user to continue with other activities until a connection is made.

Offline shopping cards can be supported by a shopping cart component, where items are added to the cart and saved for later use. Examples of later use include viewing and checkout. Another type of shopping cart component can support lists of items, such as wish-lists or gift registries, where the cart is saved and communicated to a group of family and friends that can view the cart, buy content using the cart, or take other title expressed right actions against cart contents. For example, a “send update” action may be specified in which an item in a cart may be purchased offline and the shopping cart updated to reflect the count of items actually purchased. Another function that can be supported by a cart component is that of multi-merchant checkout where a user interface user can shop at any number of online sites, adding items to the cart and then completing the checkout in one transaction. Additional components can be specified within shopping cart components for supporting checkout flows such as accountful and accountless, hard goods checkout, shipping, taxes, and even inventory checks.

A cache component provides an optionally secure cache usable by other application components. Specifically, caching may be implemented for title managers, identity managers, folders, inbox, settings, and contacts in order to reduce the interactions with a DCE and databases. Caching requires intelligence within the User interface components to handle cached data, refresh data, and understand when data has changed.

In one example embodiment, the cache is secured using cryptographic means and the cache component provides key management and cache read/write services. In other embodiments, the cache component provides an unsecured storage area in a device and relies on the tamper resistant nature of the device to protect the cache contents.

In some embodiments, the cache component may implement separate cache partitions, where individual components have their own virtual instance of the cache that is isolated from other components. The isolation may occur on a component, operating context, title expressed right processing environment, or other attribute basis. In other embodiments, there is single cache that is shared by all components, context, and environments. In some embodiments, access to the cache is a title expressed right operation that may be controlled using a title or other rights-management scheme.

A title trade/transfer component provides an interface to a title manager to permit a title to be traded or transferred between users or devices. In some embodiments, the title trade/transfer component directly communicates with one or more title manager or other DCE components in order to fulfill the trade/transfer of a title. In alternative embodiments, the title trade/transfer component provides a “mini-title manager” that performs a title transfer.

Display Panes

In a preferred embodiment, the User interface provides one or more display resources, called panes, to application components. In one embodiment, a pane may comprise a window in a windowing operating system. In an alternate embodiment, a pane may be part of a screen, or may comprise a drawing area of a larger window.

FIGS. 3 a, 3 b, 3 c, and 3 d illustrate an example of the User interface user interface, comprising multiple panes, a first pane which is displayed when the User interface user accesses the User interface (FIG. 3 b, 3 c), and a second pane which is made visible when the User interface user “pulls out” the drawer to expose additional content referenced by the first pane (FIG. 3 d). The “drawer” may be “pulled out” or “pushed in” by the user, or may be optionally “pulled out” or “pushed in” under control of the User interface.

An operating context specification maps components, applications, the desired user interface look-and-feel (e.g. a skin), services, and service outputs to a specific display panes. In some embodiments, a controller component may be used to assist with mapping of these elements. In some cases, the controller component may be used to transform service outputs into a format usable within a operating context specification.

In some embodiments, specific panes are defined within the User interface. In the exemplary embodiment shown in the accompanying screen shots, the first pane is referred to as the “Primary” or “Main” pane, and the second pane is described as the “Drawer” pane.

Extensible features of the User interface also include the ability to define an operating context's look and feel using “skins” and to develop branded versions of the Active User interface that enable and/or disable specific features and component capabilities within each specific operating context.

Furthermore, a user interface may have its “look and feel” bound to it, so that it provides a specific look and feel when operating, or when operating within a specific web site and/or service. Alternatively, the look and feel may be bound when User interface is operating as a component in conjunction with a third party applications such as a music user interface. Alternatively, the User interface may take at least part of its look and feel from the configuration of the web site, service, or third party application to which it is bound. These bindings are effective either for the entire instance of the User interface, or for a specific display pane of the User interface.

For web sites, services, and third-party applications (collectively, a source) that are “User interface” aware, the source(s) may provide a specification (e.g. a operating context), a reference to a specification (e.g. , a link to the operating context, skin, or style sheet), or the identification information of a specification (e.g. a operating context, skin, or style sheet search specification, or parameters to a search service) that specifies the desired components, bindings, and look and feel. Alternatively, a source may provide a unique identifier that the Active User interface maps to a defined configuration (e.g., an identifier for a provider of child content that defines a specific operating context, skin, or style sheet).

Finally, a title may provide a specification (e.g. a operating context), a reference to a specification (e.g. , a link to the operating context, skin, or style sheet), or the identification information of a specification (e.g. a operating context, skin, or style sheet search specification, or parameters to a search service) that specifies the desired components, bindings, and look and feel desired. Alternatively, a title may provide a unique identifier that the Active User interface maps to a defined configuration (e.g., an identifier for a provider of child content that defines a specific operating context, skin, or style sheet) to be used when processing rights associated with that specific title.

Title Expressed Right Operations

This section describes example rights processing operations supported by the User interface.

Distributed Workflow

In some embodiments, a capability of the User interface architecture within a title expressed right processing environment is the definition and trusted implementation of a distributed workflow. This capability permits a workflow to be distributed between one or more services, where parts of the workflow specification describes a UI front end that defines actions, screens, and the UI look and feel associated with those screens and actions. The User interface uses these parts of the workflow specification to implement a title expressed right processing environment. A distributed workflow between a front end cart application and a set of backend cart services is shown below as an example.

First, the User interface loads and launches the cart application to run either as the main task or a “behind the scenes” task using information defined in a specific operating context (and embedded task map) to define the cart application to be run. In the task map example above, this described by the lines:

<Cart package=“[TaskPath]Cart/cart.swf” view=“[TaskPath]Cart/Cart.xml” />

The cart package (executable) is defined by the package definition, and is executed within the UI context defined by the view. The cart package is started and provides the defined cart UI in the defined pane (as defined by the view). When a user clicks on a “buy” link, the User interface receives information about the selected item, and the User interface uses the Cart class defined to add the item to the local instance of the shopping cart. Internally, the cart class calls AddToCart.

As defined in the task map (above), AddToCart defines an XML form, described by the MasterList.xml file. AddToCart calls the User interface for UI support to obtain this information. On a good response, User interface obtains the user's response. If the response was Ok, the Cart package then fires a Cartupdated event to let every listening component know the cart was updated. If the response was not Ok, a message is displayed to the user and the cart is not updated.

Once the cart has been updated, it instructs the User interface to update the pane with the updated cart information. After the user sees the changes, and clicks the “Checkout” button, the cart flow is returned to the cart application as defined by the following lines in the task map:

<CheckOut view=“[TaskPath]Cart/Checkout.xml” package=“[TaskPath]Cart/Cart.swf” />

Depending upon the state of the User interface, the state of the cart, and other factors, the Cart application then passes control to a helper application as described in the table below:

Helper application Comment User interface Status Checkout_Session standard cart flow User has a session during checkout Checkout_Accountless accountless flow no session, box unset Checkout_NoCookie prompt for login no session, box set and no save me Checkout_Cookie instant login no session, box set and save me

User Interface

In an example embodiment, the User interface provides an application user interface that comprises two panes. A first pane is provided as the main screen for the User interface, as shown in the accompanying screen shots. A second pane is provided for use with task-specific details. In one embodiment, the pane is displayed using a metaphor of a “pull out drawer”. An example of the second pane in an extended pull-out drawer is shown in the accompanying screen shots. The pull-out drawer metaphor shows how the screen real estate may be changed based upon the amount and type of information to be displayed. The pull-out drawer is shown as pulling to the side, but may be alternately configured to pull out below, above, or to the right of the first pane's display. Additionally, a plurality of drawers may be provided, optionally pulling out on the same or different sides of the first pane.

In an example embodiment, plurality of panes may be used to display information related to specific content. In the example shown in the accompanying screen shots, a second pane in a pullout drawer is used as part of a title manager interface to display the workflow actions embodied within a specific title and to provide the user interface for the actions described within that title.

The User interface provides a “trust indication” that indicates that the User interface is in secure communication with its underlying services, and that the loaded display components have been verified and validated. The trust indicator preferably will take the form of a lock symbol, as is common on web browsers to indicate a secure connection, but may be any symbol that the user understands indicates that the processing is trusted.

As shown in the accompanying screen shots, an exemplary title's rights are presented to the user as a set of buttons that permit the exercise of each right in the “drawer” display pane. The user interface presented on this pane is dynamically generated from information present in a title and within the title expressed right operating environment.

The following example XML snippet lists some common elements, attributes and values that are included in each right specification present in a title:

<Right action=“[action]” implementation=“[implementation]”> <Name>[name]</Name> <Description>[description]</Description> <Attributes> <Attribute name“visibility”>visible</Attribute> <Attribute name“restriction”>private</Attribute> <Attribute name“state”>false</Attribute> <Attribute name“order”>1</Attribute> <Attribute name“class”>primary</Attribute> </Attributes> <Conditions> [Condition elements] </Conditions> <Events> [Event elements] </Events> <Properties> [Property elements] </Properties> <Input> [Input elements] </Input> <Service> [Service elements] </Service> </Right>

The properties included in this example are:

-   -   1. The action attribute is unique.     -   2. The implementation attribute specifies the service or User         interface component that implements the right. The values are         one of “reserved I service I httpget”. Reserved implementations         reference built-in services or components and include methods         such as buy, redeem, sample, and redeliver. The service         implementations use a service and may have prerequisites. The         httpget implementations are simple references to URLs.     -   3. The Name element is a friendly name for this right and may be         displayed to the user in the User interface.     -   4. The Description element provides a friendly description of         the right and may be displayed in the User interface.     -   5. The Attributes element provides optional, specific system         properties associated with the right. These         properties/attributes are:         -   a) visibility is set to visible or hidden and will determine             whether or not the user may see the right.         -   b) restriction is set to public or private and will             determine whether or not the method can be redeemed by             anyone but the owner. Rights marked as private can only be             redeemed by the owner.         -   c) state is set to true or false and indicates to the remote             content system whether a stateful session should be setup             and maintained (for multiple access on a single redemption).         -   d) order is set to a numeric value to determine the sort             order that rights should be displayed to the user.         -   e) class is set to primary or secondary to indicate the             importance of the right and will determine how and where it             is displayed to users in the User interface.         -   f) The Conditions element contains a list of conditions that             must be satisfied before the right can be redeemed. This             includes conditions that must be enforced by the User             interface as well as expressed and enforced by device             specific implementations.         -   g) The Events element contains a list of events that must be             handled during the redemption of the right. For example, the             OnBuyComplete event will execute the identified distributed             workflow logic once a buy process has completed.         -   h) The Properties element contains a list of properties that             should be expressed by the right and used by the system(s)             that handle the right. Properties are specific             non-changeable values (i.e. constants) that are used during             redemption of the right.         -   i) The Input element contains a list of input values that             must be provided before the right can be redeemed. Inputs             are changeable values (i.e. variables) that are provided at             runtime by the system or user redeeming the right.         -   j) The Service element contains specific values as required             to describe how, and by what distributed workflow             process/endpoint the right will be implemented. The elements             and values contained within the Service element depend on             the implementation and examples are described below.

In such exemplary embodiments, the User interface associates specific rights present in the title with features of the UI. For example, a “Buy” right may specify a specific input that must be gathered, have specific prerequisites, and identifies a service that should be invoked in order to process the right. For example, a operating contexts style sheet may specify one or more style and layout elements that the right will be displayed in. In one example, the operating context may specify that rights described in a title are displayed in the “drawer” pane. The rights specification provides optional additional display guidance with its attributes, which includes positioning and display guidance. The User interface uses these attributes, along with UI specifications from the operating context, to construct portions of the user interface, including the name, description, layout, text, underlying User interface component, application component, or service to be called when this UI component is accessed for each portion of the UI. In some cases, these functions are handled by the Controller application component, or an external service. The resulting user interface may thus be dependent upon the specification contained within a specific title, as well as the specific title expressed right operating environment in use at a specific time. In some title expressed right operating environments, not all rights for a title may be displayed. Optionally, some rights may be displayed on alternate screens, or they may be hidden in scrolling areas of the UI.

An advantage of this approach is that the User interface provides improved support for rights-based commerce, where a user can operate within a specific rights-based operating environment. The operating environment may convey the desired look-and-feel to the user, down to providing mouse-over and context-sensitive help, and merge this information with the information provided for specific titles and rights.

The User interface, operating within the context of its title expressed right operating environment, may process at title by:

-   -   a. selecting one or more rights from the title.     -   b. optionally combining the rights information present in the         title with additional information from the title     -   c. optionally combining the above information with additional         information from external sources.     -   d. Using the combined information to render a user interface     -   e. Processing the user interface by interacting with a user     -   f. Executing a specified distributed workflow step on the basis         of the interactions with the user.

Step a may be performed by selecting one or more rights from a specific title, and selecting some or all of them to be included in the UI. The selection may be based, in part, upon information provided with the rights in the title.

Step b may be performed by combining the selected rights information with additional information provided in the title, or using information referenced by the title. For example, the title may include a copy of approved graphics and description of the work represented by a title, or it may include a link to that information.

Step c may be performed by combining the aggregated information from external sources, such as information provided by a storefront, from the title expressed right operating environment, or from third-party sources.

Step d may be performed by applying the user interface specifications defined in a operating context, view, or style-sheet, and rendering a user interface on a specified display pane.

Step e may be performed by processing the user interface, collecting information that the user enters, and optionally verifying at least part of the information.

Step f may be performed by the User interface calling one or more specified User interface components or external services in accordance with a specified distributed workflow. An example of a specified distributed workflow is provided by the service element in a right specification, alternative distributed workflow specifications may be provided within the title expressed right operating environment specified by a operating context.

In one embodiment, the user selects a right they wish by clicking on a button presented in the user interface.

The mapping between a user interface component, application component, or external service and a specific button, as well as the button label, help definitions, and mouse-over text, is performed as described above.

Integration

In some embodiments, a user interface may be integrated with web sites and accessed from computing devices using standard Internet protocols including HTTP, HTTPS, and WAP. In some embodiments, the

User interface may be launched from an existing web site by naming the User interface in a link, or by naming a user interface operating context in a link (which loads the User interface by association), by specifying it using a scripting language such as JavaScript, or by other means well known to those skilled in the art. A sample JavaScript application that integrates a flash-based User interface within a web site is provided below:

In some embodiments, an Active User interface may be partially deployed as a web browser plug-in that scans web pages and other content sources as they are loaded, watching for links that name a user interface, an operating context, or title. If an appropriate link is detected, the web browser plug-in rewrites the web page on the fly, adding the necessary scripting language (such as Javascript) to the web page to display the Active User interface indicator shown in the accompanying screen shots. The Active User interface indicator provides a visual indication to the user that a page is Active User interface aware.

In one embodiment, the Active User interface is provisioned with a list of web sites from which it is authorized to be launched. The Active User interface may, depending upon configuration, choose to not launch, launch in “insecure mode” (e.g. the trust indicator is not set), or may display a popup window indicating that the Active User interface is being inappropriately launched. In one example embodiment, the Active User interface may require a title to launch, said title may alternatively specify a operating context to be used.

The Active User interface may have third-party applications defined, either within the Active User interface or by use of an operating context specification and may link to these applications when so directed by a user. The linking and subsequent execution of these applications may be a title expressed right event, and be subject to a rights specification within a title or Active Voucher.

In an example embodiment, a merchant who has a right to run a user interface-Reporting service to generate a report of title-based usage of their electronic property may be provided this option upon the basis of a specific title or voucher they possess. The title or voucher may identify the specific service, or may identify a specific processing environment that includes the specified service. The user may specify the report they desire by making a service request within the specified processing environment. In the specific example, the user would click a button linked to a “Report” service provided by a user interface-Reporting server associated with a specific DCE. The user's rights as defined in the title may be used to further define the rights over the report content itself.

Alternatively, a specific title or operating context specification may specify specific third party applications, such as a music player, chat, IM, or VoIP service that should be executed when a specific right has been selected. The User interface may be used to enforce title-based access control to specific services and to mediate access to these services upon the basis of rights specified in one or more titles.

In some wireless and mobile environments, the Active User interface may be associated with a “wake-up” or other notification message. As one skilled in the art will recognize, wireless mobile environments may deliver a message to a mobile device as a “wake up” notification. These messages may be delivered using any of SMS or other messaging systems common to the wireless and mobile devices. The wake-up notification may include additional information, such as a specification for an application to respond to the notification using, a URI of a service to connect to, a operating context specification, and other information. The mobile device, upon receipt of the notification message, wakes up and uses a device specific application to connect to a network service in response to the notification. In an example embodiment, the mobile device may use a device-specific application, or an application specified in the wake-up message, to respond to the “wake up” message. In a particular example embodiment, the application used to respond to a wake-up message is the Active User interface. In an alterative example embodiment, the wake-up message may specify the Active User interface as the application to respond to the wake-up message.

In alternate embodiments, the ‘wake-up’ message may include a operating context specification, either embedded within the URI, or as an additional data element included in the message.

One method of implementing a plurality of wake-up message responders is described above, where the wake-up message specifies the desired responder. In other possible implementations, the device itself may make the wake-up responder determination. For example, the device may provide a selection mechanism in which the wake-up message responder application is determined upon the basis of at least one of: the sender of the wake-up message, at least some of the contents of the wake-up message, and device or user preferences stored in a profile in the device. Parameters to wake-up message responder application may be provided from the sender of the wake-up message, at least some of the contents of the wake-up message, and device or user preferences stored in a profile in the device. These parameters may include a operating context specification, a title, or other User interface recognized information.

An example implementation might include a device that starts the Active User interface to respond to a wake-up request from a specific sender or group of senders. Alternate implementation examples include recognizing a specific URI, or part of a URI in the wake-up message and making the selection of the User interface on that basis. A part of a URI might include a operating context specification in the address specification or in the URL parameters, as illustrated below:

-   -   https://mysite.com/first-operating         context-reference/webservice.asp?my-operating context-name

In a further illustrative example, the identification of URI or sender information may be made on the basis of information stored in the device (e.g. a list of known trusted sites).

In other implementation strategies, the Active User interface may not be invoked to respond to the wake-up message, but may respond to content being downloaded to the device. In a common usage, a wireless service provider sends a “wake-up” message to a mobile device, which then starts an application and downloads the file specified by the URI included in the wake-up message. The downloaded file may include specific content, such as ring-tones, video, application programs, or other device specific content. This content is often identified by content meta-data, such as file type, file extension, and MIME extensions. The mobile may monitor downloaded content and start the User interface user interface when content that matches a specific content type is downloaded to the device. For example, the Active User interface user interface may be started when a MIME type that identifies a title is downloaded. Alternatively, the Active User interface user interface may be started when a file with a specific file extension is downloaded. Furthermore, MIME encoding may additionally describe one of: a user interface operating context associated with the downloaded content, a user interface title name associated with the downloaded content, or a mime-type that is used to identify content that may be managed using an Active User interface. Some examples of the above-mentioned MIME-encoding techniques are provided below:

-   -   X—Operating context: 1234567890     -   X—Title: http://location-goes-here     -   X—Title: (body of title follows here)     -   X—Protected: (an example of a MIME flag)     -   Content type: X-navio/X-subtype

It should be understood by those skilled in the art that the names and values of the MIME entries may be configured as part of the implementation without affecting the scope of disclosure. The above examples describe responding to a wake-up message may be equally applied to SMS, IM, or other messaging protocols on other computing devices such as desktop computers. The above examples of monitoring downloaded content for MIME information may be applied equally well to any situation in which MIME-specified content is available, including file downloads from the Internet.

Another example of invocation is the invocation of a right to contact customer support via an online chat. In this case, the right allows the user to invoke the contact right and runs a supporting plug-in that provides a chat interface with the user. A title provides the underlying right for contacting customer support, and specifies a operating context that specifies the look and feel of a chat or IM system. Alternatively, the operating context may specify using a customer preference for chat or IM application.

Privacy and Trust Shield

The User interface implements privacy and trust shields similarly using common features of the User interface. The User interface, in effect, becomes a trusted agent which implements the requirements and business process flows specified by various parties to a transaction. Supporting the trust model is the use of authenticated components, tamper resistance of the components and assemblies, process isolation, and other technologies described herein. In some embodiments, the User interface may visually indicate when the User interface is operating in a manner that the user may trusted the outcome. For example, the User interface may indicate visually, for example, by showing the recognized “lock” symbol, that it is processing a operating context within a trusted title expressed right processing environment. In this case, trust means that the operating context has been loaded and that all of the required verification tests such as checking digital signatures or checksums have been applied and have passed. In other examples, the User interface may be processing at a reduced level of trust and may indicate this by showing a different symbol, or no symbol at all. Differing levels of trust may be indicated using different symbols or other indicia.

Similarly, the User interface may indicate, either with the same or different symbol, that the User interface itself, a web site that the User interface is launched from, or specific content or titles themselves are trusted. A user interface may identify “trusted” web sites from web site content, from a list of known trusted web sites, or using other techniques understood to those in the art.

The User interface, in essence, serves along with the DCE, as a trusted intermediary that enforces business process flows in a distributed manner It supports privacy, when desired, by isolating users from vendors by acting as a trusted third party agent that effects the desired transaction in isolation from each other, while validating to each that the defined processes are being faithfully and fairly followed. For example, a web merchant posts a piece of electronic content on a web site for sale, and User interface-enables the web site by posting a reference to a user interface along with a operating context specification that specifies that anonymous checkouts are permitted.

In some embodiments, the User interface may take one or more of the following steps to help ensure the validity of the transaction.

-   -   a) Take receipt of the electronic content,     -   b) Validate the electronic content     -   c) Manage payment for the electronic content through a trusted         intermediary     -   d) Manage the provision of additional information (such as buyer         name) to the merchant (if required).

In some cases, the User interface completes the transaction using an accountless checkout process like the one described herein, and then requests a DCE to escrow and subsequently transfer the content to the new owners, and to escrow and subsequently transfer the payment to the vendor. Depending upon application settings, a user interface may limit access to personally identifiable information about the user and may further enforce user preferences that require the use of third party escrow services that render the user anonymous to the merchant or other service provider.

In a similar example application of a User interface, a content provider permits the use of affiliate sites to sell their content. The User interface serves as trusted third party intermediary to enable commerce between an untrusted web site offering genuine content, and the payment mechanisms. The User interface becomes the proxy that takes the content title from the site, collects payment on behalf of the vendor, and facilitates the trusted exchange of payment and content using a DCE lockbox.

The User interface offered by the web site may be authenticated, either by methods described herein or, if provided as a link, authenticating the link as a link to a known trusted site and then loading trusted software from a trusted site. Alternatively, the User interface could have already been authenticated and used by the user, and a previously authenticated local instance of the User interface operated on the device. The user may visually determine if the User interface is authentic by looking for a trusted icon, or by using an alternative means such as requesting that the User interface itself be validated by the underlying operating system (if one is present). Alternatively, a user interface may optionally display its authentication credentials to the user upon request by the user.

The User interface may use its service interface to request additional services from DCE applications and may provide the front end UI to these services. For example, a merchant or publisher may use the User interface to manage and generate reports about their titles. The merchant's User interface may present a title that contains rights to generate specific reports to a merchant. The merchant may use the User interface to manage the title that contains these rights, and to request the reports from a service using the title as their evidence of the right to have and possess the newly generated report.

Accountless Checkout

According to some embodiments, the User interface application supports an “accountless” checkout service in addition to traditional account-based checkout models. In this model, a user interface user does not require an account in order to make a purchase.

The basic flow is outlined below:

-   -   1. User clicks an Offer on a storefront (Any generic offer will         do for this example).     -   2. Offer is placed in shopping cart.     -   3. User clicks checkout (and indicates that they do not have an         existing account)     -   4. User is prompted to enter a credit card (assuming a credit         card purchase)     -   5. User confirms purchase     -   6. User gets a thank you page and a link to activate their         account     -   7. User optionally activates their account, and stores the         account information.

1. The User interface sends a SOAP request to the Checkout web service. This service will coordinate all checkout activities on behalf of the User interface. The User interface sends the Shopping Cart information along with the Credit Card being used for purchase (or other purchase details such as that required for input on buy, carrier billing, etc.).

2. The Checkout service obtains an account to use with an identity provider service. In a first embodiment, the checkout service registers a new account with an Identity Provider service. Although it is “accountless” checkout, an account is created—it will just be an unassigned, single use account until a user interface user decides to activate it.

3. The Checkout service then invokes PurchaseTitles on behalf of the User interface to initiate the transaction and receive a Payment Slip.

4. The Checkout service then adds the Credit Card on behalf of the User interface to maintain a record of the Credit Card in the event the user activates their account.

5. The Checkout service then makes a SubmitPayment request on behalf of User interface. When this request is complete, the user receives a thank you page with a link that allows them to activate the account.

The user can optionally activate the account so that it can be reused for subsequent purchases. When they click on the “activation” link, the User interface shows a registration page and then sends an activation request to the new Identity Provider service. For this to happen, the Checkout service sends an account activation key back to the User interface in the checkout response. This key is sent to the Identity Provider to activate the account. Note, for security reasons, the account can only be activated as part of this checkout sequence. Once the user navigates away from the Thank You page, the account can no longer be activated. There may also be a time-to-live constraint placed on the activation request.

CONCLUSION

While the invention has been particularly shown and described with reference to specific embodiments thereof, it will be understood by those skilled in the art that changes in the form and details of the disclosed embodiments may be made without departing from the spirit or scope of the invention. In addition, although various advantages, aspects, and objects of the present invention have been discussed herein with reference to various embodiments, it will be understood that the scope of the invention should not be limited by reference to such advantages, aspects, and objects. Rather, the scope of the invention should be determined with reference to the appended claims. 

What is claimed is:
 1. A computer-implemented method, comprising: receiving a digital bearer instrument representing a right, the digital bearer instrument identifying an operating environment for processing the digital bearer instrument; instantiating a plurality of operating environment components according to an operating context that specifies the operating environment; and processing the digital bearer instrument using the plurality of operating environment components in connection with redemption of the right.
 2. The method of claim 1, wherein the digital bearer instrument also identifies the operating context.
 3. The method of claim 2, wherein the digital bearer instrument includes an identifier that points to the operating context stored externally to the digital bearer instrument, the method further comprising retrieving the operating context using the identifier.
 4. The method of claim 2, wherein the digital bearer instrument includes a portion of the operating context.
 5. The method of claim 1, wherein the plurality of operating environment components comprise a plurality of integrity-verified components that cannot be undetectably altered, and wherein instantiating the operating environment components comprises instantiating the plurality of integrity-verified components using digital signatures and/or manifests.
 6. The method of claim 1, wherein the digital bearer instrument represents a second right and identifies a second operating environment, the method further comprising: instantiating a second plurality of operating environment components according to a second operating context that specifies the second operating environment; and processing the digital bearer instrument using the second plurality of operating environment components in connection with redemption of the second right.
 7. The method of claim 1, wherein processing the digital bearer instrument using the plurality of operating environment components includes interoperating with an additional operating environment to facilitate redemption of the right.
 8. The method of claim 7, wherein the additional operating environment is an unverified operating environment.
 9. The method of claim 1, wherein instantiating the operating environment components comprises instantiating all of the operating environment components and using the operating environment components as needed to process the digital bearer instrument.
 10. The method of claim 1, wherein instantiating the operating environment components comprises instantiating the operating environment components as needed to process the digital bearer instrument.
 11. The method of claim 10, unloading each operating environment component after it has been used.
 12. The method of claim 1, wherein the plurality of operating environment components implements one or more of a user interface, a verifier configured to verify integrity of any of the operating environment components, a directory, a state process that includes an entry for each digital bearer instrument that indicates validity of the corresponding digital bearer instrument when the entry is synchronized with state information associated with the corresponding digital bearer instrument, a manager configured to facilitate management of a set of digital bearer instruments by a corresponding user, a publisher configured to generate digital bearer instruments, or a resolver configured to facilitate redemption of the rights associated with digital bearer instruments.
 13. The method of claim 1, wherein processing the digital bearer instrument using the plurality of operating environment components includes interoperating with a verified computing platform and an unverified computing platform intervening between the operating environment and the verified computing platform.
 14. A system, comprising: one or more data stores having a digital bearer instrument and an operating context stored therein, the digital bearer instrument representing a right, the operating context specifying an operating environment configured to process the digital bearer instrument in connection with redemption of the right, the operating context being selected from the group consisting of: an embedded operating context, a named operating context, and a referenced operating context; and one or more computing devices configured to instantiate the operating environment in response to receipt of the digital bearer instrument and with reference to the operating context, the operating environment being selected from the group consisting of: assured operating environment, cryptographically assured operating environment, defined operating environment, assured and defined operating environment, and cryptographically assured and defined operating environment.
 15. The system of claim 14, wherein the operating context is one of embedded within the digital bearer instrument, named by the digital bearer instrument, or referenced by the digital bearer instrument.
 16. The system of claim 14, wherein the operating environment is one or more of defined by the operating context, statically configured in accordance with the operating context, dynamically configured in accordance with the operating context, dynamically loaded in accordance with the operating context, or dynamically unloaded in accordance with the operating context.
 17. The system of claim 14, wherein the one or more computing devices are further configured to review the operating context upon receipt of the digital bearer instrument.
 18. The system of claim 17 wherein the one or more computing devices are further configured to determine whether the operating environment can process the digital bearer instrument.
 19. The system of claim 18, wherein the operating environment is further configured to determine whether one or more additional objects require configuration or instantiation to enable the operating environment to process the digital bearer instrument.
 20. The system of claim 19, wherein the operating environment is further configured to configure or instantiate the one or more additional objects. 